Nicolas Papernot, Associate Professor of Electrical and Computer Engineering and Faculty Member at the Vector Institute, at the University of Toronto.Nick Iwanyshyn/Supplied
Researchers at the University of Toronto say they have discovered a new cyberthreat – a method of using artificial intelligence to create a dangerous computer worm that can modify its tactics as it spreads from one device to another.
Cybersecurity concerns about AI have largely centred around powerful large language models such as OpenAI’s GPT-5.5-Cyber and Anthropic’s Claude Mythos Preview.
Anthropic and OpenAI both opted to initially release those models to carefully selected organizations, such as digital infrastructure providers and banks, because of the risks they could pose in the wrong hands. On Tuesday, Artificial Intelligence Minister Evan Solomon said the Canadian government is partnering with Anthropic to access Mythos in order to bolster cybersecurity.
However, the research published Tuesday by the CleverHans Lab at the University of Toronto and the Vector Institute suggests there is a cheaper, more accessible way for hackers to use AI to wreak havoc.
“There’s a whole other area of threat that has been ignored until now,” said Nicolas Papernot, one of the researchers who co-authored the paper and a Canada CIFAR AI Chair.
Any device connected to the internet is at risk, Mr. Papernot said, from laptops, to cameras, to printers.
Opinion: Mythos sets the world on edge. What comes next may push us beyond
Unlike other types of viruses, worms spread from machine to machine without human intervention, copying themselves onto every device they touch.
Traditionally, worms followed scripts generated by humans, failing if they hit a defence they weren’t designed to crack.
One of the more prominent examples is the WannaCry worm that infected hundreds of thousands of computers around the world in 2017, encrypting data on those computers and demanding ransom payments.
As demonstrated by the prototype created by the researchers, AI can make worms more dangerous by allowing them to adapt on the fly, generating attack strategies that are specifically tailored to each machine that they interact with.
“When the worm gains control of a server that’s sufficiently capable to run the AI model, it also hijacks that computing power to then spread to even more devices, so the attack surface is potentially very large,” Mr. Papernot said.
The researchers debated whether to publish their findings or not, worried that doing so would effectively give bad actors a blueprint for how to conduct such an attack. In the end, they opted to simply omit certain information, including details about how they built their prototype. They tested the prototype in an isolated environment.
Canada’s cybersecurity agency to get access to OpenAI’s latest model, sources say
The researchers hope that the significance of their findings will serve as a call to action, Mr. Papernot said.
“It is something that will require collaboration beyond academia and beyond the cybersecurity and AI communities. I think it’s really important that we mobilize not only the research community but also governments, to offer, at the international level, the right regulatory frameworks for this kind of research to continue happening,” he said.
Individuals can take steps to protect themselves as well; for instance by ensuring that their devices are up to date, setting up multifactor authentication and not reusing passwords. During the experiment, the researchers found that the worm was able to use a password it had found on one machine to gain access to another, Mr. Papernot said.
“We can’t afford to be sloppy with our cybersecurity hygiene any more.”